package cn.dlc.com.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * @Author: dlc
 * @Date: 2021/11/26 - 11:27
 * 当前被当做了一个大大的资源服务器
 */
@Configuration
@EnableResourceServer
public class MyResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {

        // 指定资源id，之前在认证里面指定的id
        // 如果有多个资源怎么办，这里如何绑定多个资源？？？？？？
        resources
                .resourceId("res_1")
                // 指定验证令牌的服务
                //  .tokenServices(tokenServices())
                .tokenStore(tokenStore)
                .stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                // 访问权限中心不需要权限
                .antMatchers("/authority-server/**").permitAll()
                // 访问资源需要对客户端进行鉴权，
                .antMatchers("/resource-server/**").access("#oauth2.hasScope('all')");

    }
}
